The British outpost of luxury brand giant LVMH has become the latest UK retailer to suffer a serious security breach, after it began notifying customers that their personal data may have been compromised.
Louis Vuitton UK said it became aware of the breach on July 2, according to screenshots of the customer notification shared on X (formerly Twitter).
Personally identifiable information (PII) including first and second name, gender, country, phone number, email and postal address, date of birth, purchases and preference data may have been compromised, the firm said.
“Given the nature of the data involved, we warmly recommend that you remain vigilant against any unsolicited communication or other suspicious correspondence, including emails, phone calls or text messages,” the message noted.
“While we have no evidence that your data has been misused to date, phishing attempts, fraud attempts, or unauthorized use of your information may occur.”
Read more on retail breaches: #Infosec2025: UK Retail Hack Was “Subtle,” Not Complex, Says River Island CISO
The firm has notified the Information Commissioner’s Office (ICO).
The news comes just a week after Louis Vuitton disclosed that its Korean operations had been targeted by hackers, leading to the compromise of some personal data.
Two other LVMH brands, Christian Dior Couture and Tiffany, have also suffered customer data breaches this year. Both have been the subject of a government investigation since May.
Louis Vuitton is the latest in a long line of UK retailers hit by cyber-attacks. Members of the Scattered Spider collective were blamed for those against M&S and the Co-op, although Harrods and Adidas have also been targeted.
Last week, four individuals were arrested in connection with attacks on Marks & Spencer (M&S), Co-op and Harrods.
Two were apprehended by law enforcement in the West Midlands – a 17-year-old British man and a 19-year-old Latvian. A 20-year-old British woman was arrested in Staffordshire, while officers in London cuffed a 19-year-old British man.
Thomas Richards, infrastructure security practice director at Black Duck, argued that while no financial information was taken in the Louis Vuitton attack, there are still significant risks for the company and its customers.
“They could attempt to pose as customers and get more information from Louis Vuitton’s customer support team. Malicious emails could be sent to the victims pretending to be LV in an attempt to gain login or financial information,” he said.
“Customers should be on alert for any suspicious and sudden emails or calls directing them to take immediate action or face a negative consequence. The pattern of other LVMH regionals being compromised in similar ways might be indicative of a larger problem. The breach might not be fully contained, or these business units use similar technology and systems that have a vulnerability in it.”
LVMH should conduct an organization-wide security assessment to find out the root cause of the issue and implement changes to prevent further breaches, Richards added.
Image credit: Shan_shan / Shutterstock.com
No tags.
